Ax Sharma
axsharma.com
Ax Sharma
@axsharma.com
Journalist and Security Researcher. Bylines/seen on: BleepingComputer, BBC, Channel 5, TechCrunch, WIRED.
📍🇨🇦 | 🇬🇧 | 🇮🇳

www.axsharma.com
X/Twitter: @Ax_Sharma
Exclusive: DoorDash email spoofing vulnerability disclosure goes off-track.

The researcher contends the company ignored the issue until pressured. The company says the pressure, which it deems extortion, itself crossed ethical lines.
www.bleepingcomputer.com/news/securit...
#bugbounty #hacking
DoorDash email spoofing vulnerability sparks messy disclosure dispute
A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from the company's authorized servers, paving a near-perfect phishing channel. DoorDash has now pat...
www.bleepingcomputer.com
November 17, 2025 at 4:38 PM
Reposted by Ax Sharma
🇦🇺 ASD: Annual Cyber Threat Report 2024-2025. What ASD's ACSC saw: www.cyber.gov.au/about-us/vie... #australia #cybersecurity cc @gate15.bsky.social @campuscodi.risky.biz
November 14, 2025 at 1:28 PM
DoorDash has disclosed a new data breach from 19 days ago: customer names, addresses, phone numbers and emails have been accessed.

The cause? A social engineering attack on an employee.
www.bleepingcomputer.com/news/securit...
DoorDash hit by yet another data breach this October
DoorDash has disclosed a data breach that hit the food delivery platform this October. Beginning yesterday evening, DoorDash, which serves millions of customers across the U.S., Canada, Australia, and...
www.bleepingcomputer.com
November 14, 2025 at 4:46 AM
The world's largest software supply chain attack stole just $600, but cost teams thousands of engineering hours.

Modern supply chain attacks are evolving and shaping the threat landscape: from AI-assisted #phishing to self-replicating "worms."
www.csoonline.com/article/4081...
Modern supply-chain attacks and their real-world impact
Supply-chain attacks have evolved considerably in the last two years, going from dependency confusion or stolen SSL, among other once-common attacks, to AI-backed social engineering and open-source regis...
www.csoonline.com
November 6, 2025 at 12:33 PM
Cybersecurity firm FuzzingLabs has accused Y Combinator-backed Gecko Security of "stealing" its vulnerability disclosures and back-dating blog posts. Gecko has denied wrongdoing.
www.bleepingcomputer.com/news/securit...
Security firms debate CVE credit in overlapping vulnerability reports
FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs' reports without crediting t...
www.bleepingcomputer.com
October 14, 2025 at 3:54 PM
TLDR: Claim your dollar, beware of phishing attempts. And, lawyers be getting rich.
www.bleepingcomputer.com/news/securit...
ParkMobile pays... $1 each for 2021 data breach that hit 22 million
ParkMobile has finally wrapped up a class action lawsuit over the platform's 2021 data breach that hit 22 million users. But there's a catch: victims are receiving compensation in the form of a $1 in-...
www.bleepingcomputer.com
October 5, 2025 at 12:27 PM
We’ve seen QR codes in scams before, but those relied on people scanning them. @socket.dev's new discovery shows malware using QR codes to talk to its C2 server — traffic that to security tools looks like harmless image exchanges.
www.bleepingcomputer.com/news/securit...
#malware #opensource #npm
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this innovat...
www.bleepingcomputer.com
September 23, 2025 at 10:49 AM
Self-propagating supply chain attack on 187 npm projects also hit CrowdStrike's namespace.

Statement from CrowdStrike 👇
www.bleepingcomputer.com/news/securit...
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the comprom...
www.bleepingcomputer.com
September 16, 2025 at 4:49 PM
Reposted by Ax Sharma
Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts.
No, Google did not warn 2.5 billion Gmail users to reset passwords
www.bleepingcomputer.com
September 2, 2025 at 2:57 PM
Booking[.]com phishing campaign uses sneaky 'ん' character, which can look like '/~' in some fonts, to trick you and deliver #malware. Another creative use of homoglyphs by threat actors.

www.bleepingcomputer.com/news/securit...
Booking.com phishing campaign uses sneaky 'ん' character to trick you
Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana c...
www.bleepingcomputer.com
August 14, 2025 at 2:30 PM
Reposted by Ax Sharma
Law enforcement has delivered a $1 million-sized headache to a Russian ransomware gang.

BlackSuit (formerly "Royal") has been tormenting over 450 US organisations across critical sectors such as healthcare, education, public safety, energy, manufacturing, and government.
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang's servers, domains, and dark web extortion site, also saw the seizure of US $1,091,4...
www.bitdefender.com
August 12, 2025 at 2:05 PM
npm has "accidentally" taken down all versions of the legitimate Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide.
bleepingcomputer.com/news/securit...

#opensource #supplychain #javascript
npm 'accidentally' removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package.
bleepingcomputer.com
July 23, 2025 at 2:07 PM
Reposted by Ax Sharma
New, by me: Scott Zuckerman, a spyware founder who was banned from the surveillance industry by the FTC after one of his spyware companies had a data breach, now wants the FTC to *unban* him.

Zuckerman claims the cybersecurity requirements put on him after the breach are an "unnecessary burden."
Serial spyware founder Scott Zuckerman wants the FTC to unban him from the surveillance industry | TechCrunch
The spyware maker was banned from the surveillance industry in 2021, but was caught flouting the ban less than a year later. Now the founder wants the ban lifted altogether.
techcrunch.com
July 21, 2025 at 10:47 PM
🎞️ All day: Exposing cybercrime and the latest hacks targeting real people for Rip-Off Britain @ BBC Studios, MediaCityUK.
June 28, 2025 at 1:07 PM
Exclusive: Instagram ads appearing to be from Bank of Montreal (BMO) are using AI deepfake videos of finance experts to scam consumers into investment fraud.

Ads for 'EQ Bank' take users to phishing domains to collect their banking information.
www.bleepingcomputer.com/news/securit...
Instagram 'BMO' ads use AI deepfakes to scam banking customers
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ...
www.bleepingcomputer.com
June 18, 2025 at 12:35 PM
The £2M scam operation that conned British people looking to get European EHIC health coverage cards that are otherwise free.

🎬 Watch on-demand or online @ Channel 5 UK:
📺 Scams: Don't Get Caught Out. Season 3.
April 16, 2025 at 4:28 PM
Reposted by Ax Sharma
Google has announced that it's retiring separate country code top-level domain names like google.co.uk or google.com.br and redirecting users to Google.com.
Google begins unifying search country domains to Google.com
www.bleepingcomputer.com
April 16, 2025 at 2:47 PM
Reposted by Ax Sharma
Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products.
Jira Down: Atlassian users experiencing degraded performance
www.bleepingcomputer.com
April 16, 2025 at 2:38 PM
Fake VS Code extension on npm uses altered ScreenConnect utility as spyware
www.sonatype.com/blog/fake-vs...
#malware #opensource #npm
A fake 'Truffle for VS Code' npm package delivers stealthy malware via a ScreenConnect installer. Learn how it evades detection and threatens developers.
www.sonatype.com
February 7, 2025 at 3:25 PM
Reposted by Ax Sharma
A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using optical character recognition (OCR) stealers.
Google Play, Apple App Store apps caught stealing crypto wallets
www.bleepingcomputer.com
February 4, 2025 at 8:16 PM
European Space Agency's online shop hacked this week to quietly load JavaScript that generates fake Stripe payment form at checkout 💳

via @sans.ec @ionila.bsky.social
www.bleepingcomputer.com/news/securit...
European Space Agency's official store hacked to steal payment cards
European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.
www.bleepingcomputer.com
December 24, 2024 at 5:13 PM
npm packages from Rspack and Vant compromised via compromised #npm tokens. Ensure you are not running a compromised version and remember to scan your systems for signs of compromise.
www.sonatype.com/blog/npm-pac...
npm packages from Rspack, Vant compromised, blocked by Sonatype
Fairly popular npm packages, @rspack/core and @rspack/cli were hijacked yesterday after attackers got their hands on a compromised npm token and published malicious versions 1.1.7 of these projects. T...
www.sonatype.com
December 20, 2024 at 7:46 AM
Reposted by Ax Sharma
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.

Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM
UK completes its rollout of e-visas. Biometric Residence Permit (BRP) holders should switch to an e-visa ASAP.
"Expired documents will be valid for international travel for a limited time into 2025," the Home Office advises the press.
www.gov.uk/get-access-e...
Get access to your online immigration status (eVisa)
Set up a UKVI account and access your eVisa.
www.gov.uk
December 4, 2024 at 3:52 PM